Confirmed users
529
edits
Security/Server Side TLS: Difference between revisions
Jump to navigation
Jump to search
Undo revision 1080938 by Dirkw (talk)
(Undo revision 1080937: please submit your changes on github. direct modifications are not permitted.) |
|||
| Line 270: | Line 270: | ||
== Pre-defined DHE groups == | == Pre-defined DHE groups == | ||
In order to lower the burden of system administrators, several servers provide pre-computed DH groups. Unfortunately, the [https://weakdh.org | In order to lower the burden of system administrators, several servers provide pre-computed DH groups. Unfortunately, the [[https://weakdh.org|logjam] report showed that it is very likely that a state-level adversary may have broken the most widely used 1024-bit DH group, Oakley group 2, standardized in [[https://tools.ietf.org/html/rfc2409#section-6.2|rfc2409]]. | ||
For this reason, the use of this group is considered unsafe and you should either: | For this reason, the use of this group is considered unsafe and you should either: | ||
| Line 278: | Line 278: | ||
It is currently assumed that standardized 2048 bits DH groups provide sufficient security to resist factorization attacks. However, the careful administrator should generate a random DH group instead of using a | It is currently assumed that standardized 2048 bits DH groups provide sufficient security to resist factorization attacks. However, the careful administrator should generate a random DH group instead of using a | ||
standardized one when setting up a new server, as advised by the [https://weakdh.org logjam] authors. | standardized one when setting up a new server, as advised by the [[https://weakdh.org|logjam]] authors. | ||
== DHE and ECDHE support == | == DHE and ECDHE support == | ||